Hermetic xz

[ewhauser]

xz isn't available on MacOS without installing additional utilities. I'm currently using this workaround using bazel-lib's bsd tar:

diff --git a/debian_packages/private/utils.bzl b/debian_packages/private/utils.bzl
index a936c41..143439e 100644
--- a/debian_packages/private/utils.bzl
+++ b/debian_packages/private/utils.bzl
@@ -29,7 +29,25 @@ def debfile_layer_rule(name = "layer"):
         name = name,
         srcs = [":data.tar.xz"],
         outs = ["data.tar"],
-        cmd = "xz --decompress --stdout $< >$@",
+        # This is gross hack to get a hermetic version on xz which isn't standard on OSX
+        cmd = """
+            if command -v xz >/dev/null 2>&1; then
+                xz --decompress --stdout $< >$@
+            else
+                # Create a temporary directory
+                TEMPDIR=$$(mktemp -d)
+        
+                # Extract the tarball to the temporary directory
+                tar -xf $(SRCS) -C $$TEMPDIR
+        
+                # Re-tar the contents of the temporary directory
+                tar -cf $(@) -C $$TEMPDIR .
+        
+                # Clean up the temporary directory
+                rm -rf $$TEMPDIR
+            fi
+        """,
+        toolchains = ["@bsd_tar_toolchains//:resolved_toolchain"],
         visibility = ["//visibility:public"],
     )

as a fallback if xz isn't available on the host.

Not sure if there are better appraoches?

[betaboon]

@alexeagle i think what we could do:
since the tar-toolchain of bazel-lib uses libarchive we could also expose bsdcat as a separate toolchain.
bsdcat could then be used as a replacement for xz (i.e. bsdcat data.tar.xz > data.tar)

what do you think ?

[betaboon]

rules_debian_packages is being deprecated in favor of rules_distroless.
See #53